This month, we have some exciting updates to share. A lot of you have welcomed the improvements to your ability to sync a forked repo with upstream from the web UI, add video on issues and pull requests, and use custom notification to cut through the noise—among other things.
Building software can be complex and challenging, but your management tools shouldn’t be. That’s why we’ve reimagined how issues work in the new GitHub Issues, now available in beta. We’ve introduced a set of features that allows you to create improved relationships between multiple issues when using issue task lists, to toggle between project boards and tables that have spreadsheets capabilities, and to add custom fields.
This month, we also launched a technical preview of GitHub Copilot, a new AI pair programmer that helps you write better code. GitHub Copilot draws context from the code you’re working on, suggesting whole lines or entire functions. Check out examples and FAQs on the GitHub Copilot page.
Does your organization use IP allow lists to restrict access to its assets? We’ve made some changes so that your installation access tokens will now respect your organization’s allowed IP addresses configuration.
GitHub Discussions integrations are now available on GitHub Actions. You can trigger an Actions workflow any time a
discussion_comment event occurs. Visit the docs for implementation details, and reach out if you have feedback.
GitHub Action environments allow you to create environments with custom protection rules and secrets, which your workflow jobs can reference. Check out the Changelog entry for more detailed information.
GitHub Desktop 2.9 expands the drag-and-drop functionality introduced in Desktop 2.7. You can now squash and reorder commits, start a new branch from an earlier commit, and amend your last commit. If you’re using an Apple Silicon machine with the new M1 chip, Desktop 2.9 also upgrades you to a native build that improves performance and reduces crashes. Check out the blog post for more details about the release.
You can now squash and reorder commits in GitHub Desktop
GitHub Enterprise Server 3.1 is now generally available! The release includes:
- GitHub Actions workflow visualizations (#88): track and troubleshoot complex workflows at a glance.
- Automerge pull requests (#107): automatically merge a pull request the moment it’s ready.
- Repository performance optimization (#108): for large, busy repositories.
See the release notes for full details.
In tandem with the new GitHub Issues revamp, we made some quality-of-life improvements with the introduction of issues forms so that maintainers can build structured forms with required fields and easy walkthroughs capturing all the important details.
Structured forms make it easier for you to enforce required fields
We’ve also introduced new state icons to enable quick differentiation between the states of your issues and pull requests.
State icons (on the left) make it easier to differentiate between your issues or pull requests at a glance
GitHub Packages Container registry, ghcr.io, is now generally available! Container registry provides the best developer experience for publishing, managing, and consuming containers on GitHub. For more information, check out the Container registry general availability blog post.
New tools to discover and resolve pull request conversations are now generally available. You can now find pull request comments in the “files changed” tab of your pull request. You can also require that all your pull request conversations are resolved before merging. See our documentation for details about how to configure your settings.
You can now require that all your pull request conversations are resolved before merging
We now show a confirmation dialog when a review is requested from a team with more than 100 members. Check out what this new functionality looks like below:
You can now celebrate new releases by reacting to them with emojis! 🎉🚀
We ❤️ this update
We shipped a lot of security updates in June, including new code scanning functionalities. You can perform free text searches against your code scanning alerts, allowing you to find specific alerts even if you don’t remember them by name. You can also control which alerts will cause a pull request check to fail by setting severity levels for them.
Maybe you use CodeQL for your code scanning? Great, we have more updates! It’s now easier to analyze multiple languages on third party CI/CD systems with the CodeQL CLI. The latest CLI release supports creating CodeQL databases for multiple languages in a single command. If you use CI/CD systems other than GitHub Actions, this makes it easier for you to run code scanning analysis. (See the Changelog entry for how to use this new option.) But wait, there’s more! Code scanning with CodeQL now includes beta support for C++20. Note that currently, CodeQL can only create CodeQL databases for C++20 code that is built with GCC on Linux. C++20 modules are not supported. We also improved the code scanning API to return the CodeQL query version used for an analysis. This can be used to reproduce results or confirm that an analysis used the latest query. Finally, CodeQL scanning now generates diagnostic information for all supported languages.
We also shipped several Dependabot updates in June. Dependabot security and version updates now support
pip version 21.1.2,
pip-tools version 6.1.0, and
pipenv version 2021-05-29. Dependabot version updates now also support Terraform 1.0, as well as support for lockfiles, providers, and private registries. Lastly, we’ve changed the way we schedule Dependabot updates: each repository is assigned a time at random, and all updates in that repository start at that time. This makes your updates faster by avoiding large usage spikes. See the Changelog entry for how to customize a specific update time.
A few more security updates:
- Secret scanning now supports user-defined patterns on private repositories. If you use GitHub Advanced Security, you can specify custom patterns for private repository secret scanning. When a new pattern is specified, secret scanning searches a repository’s entire git history for it, as well as any new commits. Check out our documentation for more on custom patterns and secret scanning.
- RubyGems, Adobe and OpenAI are now GitHub secret scanning integrators. GitHub will scan every commit to a public repository for exposed RubyGems, Adobe and OpenAI API keys. We’ll forward any keys we find to the relevant service, who will automatically disable them and notify their owners.
- Security alert notifications are now opt-in. You’ll receive security notifications only for repositories you watch and have selected to receive
All Activityfrom or which you’ve configured to include
After the launch of dark and dimmed themes, we’re presenting you with a dark high contrast theme that’s now available to all github.com users as a public beta. Opt into the beta by enabling the theme in your Feature Preview settings, located in the profile menu dropdown. Once the Feature Preview has been enabled, navigate to the “Appearance” page in your profile settings to choose the dark high contrast theme.
You can enable the dark high contrast theme through your profile settings